A new cyber security breach has been published by a business Colombia. Data of users who requested a loan from the warehouse alcove be exposed through the link without any restrictions.

According to the blog MuchHackerIn the section of the website where customers can apply for loans, more than 50,000 documents were found with personal information of up to 15,000 people.

The discovery was made by the user Twitterwho contacted the site to alert them of the situation as it was not a cyber attack but a security flaw in the platform and it is not known since when it happened.

You may be interested in: How long does it take for a cybercriminal to guess my email or network password?

Information that has been revealed

This store offers its customers a loan option to purchase the products sold there, for which a person has to go through the procedure in the store, provide personal information and sign agreements on debt legalization, payments, etc.

The request is made in-store or online through the institution’s own platform, which is a vulnerability because anyone can access this information.

The investigation uncovered data such as identification numbers, loan agreement agreements and photographs of customers that are part of the legalization process. It’s all condensed into a free-to-access PDF document.

More personal information was found in the contracts, as these are forms where people enter their email address, date of birth, city of residence, phone numbers, economic activity, type of contract, company they work for, position, monthly income and expenses. .

But in addition to customers, company analysts are also flooded with information about clocks in and out of work, summaries of working hours, work breaks, lunch breaks, and more.

Overall, the website provides access to more 30,000 personal data, including photos, work logs and client details. They can be used to enter each person’s profile and learn more about the loan in the store, or for other crimes outside the platform.

The business has made sure to investigate the situation, take the necessary measures and fix the failure, while also notifying the competent authorities to find those responsible for the vulnerability.

Alcomprar told Infobae:

“From the moment of receiving the messages, the company conducted an appropriate analysis of the situation and took the necessary corrective measures. Currently, information and data are protected and not public.

You may be interested in: Those with Windows 7 and Windows 8 will be vulnerable to cyber attacks

Another case in Colombia

In 2023, this is already the second such case known in the country. The ruling was also issued recently. KeraltA company that owns EPS Sanitaswhich is a vulnerability in relation to the data of its users, leaving them free on the Internet without any protection.

All you have to do is enter the link, which we do not share for the safety of the victims, to get access to the entire content package related to the documentation that people need to provide to the health care facility. to join a healthcare facility.

The types of files stored are scanned citizenship certificates and civil records, affiliate forms and employment contracts, all with high image quality as they are required for internal company procedures.

Bob Diachenko There was an analyst who discovered this failure and found a total of 999,941 documents, but this number could be higher, given that Sanitas It has 4.74 million branches Colombia After Keralty Group handles many other objects such as Colsanitas, Medisanitas and Sanitas University Foundation.

Continue reading: